From fe03e6f93e7f47157dc0e549ff2ff382a05dfe28 Mon Sep 17 00:00:00 2001 From: Jason Etheridge Date: Thu, 20 Sep 2012 11:27:43 -0400 Subject: [PATCH] lp1053026, more granular toolbar editing perms client-side checking only to keep the honest folk out Adds ADMIN_TOOLBAR_FOR_ORG, ADMIN_TOOLBAR_FOR_USER, and ADMIN_TOOLBAR_FOR_WORKSTATION to the permission list Staff needs at least one of these to create a toolbar, and they still need the original ADMIN_TOOLBAR permission which is used on the server side of things. For editing an existing toolbar, staff needs the perm corresponding to the toolbar's ownership type (for example, if the toolbar is associated with a user, then ADMIN_TOOLBAR_FOR_USER is needed). For changing the ownership type of a toolbar one is allowed to edit, you need the corresponding perm for the desired ownership type. Signed-off-by: Jason Etheridge Signed-off-by: Kathy Lussier
---
Open-ILS/src/sql/Pg/950.data.seed-values.sql | 8 +- .../src/sql/Pg/upgrade/XXXX.data.toolbar_perms.sql | 35 ++++++++ Open-ILS/xul/staff_client/server/admin/toolbar.js | 93 +++++++++++++++++++++- 3 files changed, 134 insertions(+), 2 deletions(-) create mode 100644 Open-ILS/src/sql/Pg/upgrade/XXXX.data.toolbar_perms.sql
diff --git a/Open-ILS/src/sql/Pg/950.data.seed-values.sql b/Open-ILS/src/sql/Pg/950.data.seed-values.sql
index 7a6eb16880..5668078c5d 100644
--- a/Open-ILS/src/sql/Pg/950.data.seed-values.sql
+++ b/Open-ILS/src/sql/Pg/950.data.seed-values.sql
@@ -1567,7 +1567,13 @@ INSERT INTO permission.perm_list ( id, code, description ) VALUES ( 538, 'VIEW_SEARCH_FILTER_GROUP', oils_i18n_gettext( 538, 'Allows staff to view search filter groups and entries', 'ppl', 'description' )), ( 539, 'UPDATE_ORG_UNIT_SETTING.ui.hide_copy_editor_fields', oils_i18n_gettext( 539, - 'Allows staff to edit displayed copy editor fields', 'ppl', 'description' )) + 'Allows staff to edit displayed copy editor fields', 'ppl', 'description' )), + ( 540, 'ADMIN_TOOLBAR_FOR_ORG', oils_i18n_gettext( 540, + 'Allows a user to create, edit, and delete custom toolbars for org units', 'ppl', 'description')), + ( 541, 'ADMIN_TOOLBAR_FOR_WORKSTATION', oils_i18n_gettext( 541, + 'Allows a user to create, edit, and delete custom toolbars for workstations', 'ppl', 'description')), + ( 542, 'ADMIN_TOOLBAR_FOR_USER', oils_i18n_gettext( 542, + 'Allows a user to create, edit, and delete custom toolbars for users', 'ppl', 'description')) ; diff --git a/Open-ILS/src/sql/Pg/upgrade/XXXX.data.toolbar_perms.sql b/Open-ILS/src/sql/Pg/upgrade/XXXX.data.toolbar_perms.sql new file mode 100644 index 0000000000..36b9a7bb78 --- /dev/null +++ b/Open-ILS/src/sql/Pg/upgrade/XXXX.data.toolbar_perms.sql @@ -0,0 +1,35 @@ +BEGIN; + +SELECT evergreen.upgrade_deps_block_check('XXXX', :eg_version); + +INSERT INTO permission.perm_list ( id, code, description ) VALUES ( + 540, + 'ADMIN_TOOLBAR_FOR_ORG', + oils_i18n_gettext( + 540, + 'Allows a user to create, edit, and delete custom toolbars for org units', + 'ppl', + 'description' + ) +), ( + 541, + 'ADMIN_TOOLBAR_FOR_WORKSTATION', + oils_i18n_gettext( + 541, + 'Allows a user to create, edit, and delete custom toolbars for workstations', + 'ppl', + 'description' + ) +), ( + 542, + 'ADMIN_TOOLBAR_FOR_USER', + oils_i18n_gettext( + 542, + 'Allows a user to create, edit, and delete custom toolbars for users', + 'ppl', + 'description' + ) +); + +COMMIT; + 
diff --git a/Open-ILS/xul/staff_client/server/admin/toolbar.js b/Open-ILS/xul/staff_client/server/admin/toolbar.js index d0dc3cc37d..8e04b8ac6e 100644 --- a/Open-ILS/xul/staff_client/server/admin/toolbar.js +++ b/Open-ILS/xul/staff_client/server/admin/toolbar.js @@ -56,8 +56,41 @@ function my_init() { $('context_usr').setAttribute('label', fieldmapper.IDL.fmclasses.atb.field_map.usr.label); $('context_ws').setAttribute('label', fieldmapper.IDL.fmclasses.atb.field_map.ws.label); + + var perms_not_had = perm_check(); + if (perms_not_had.length == 3) { // has none of those perms + $('New').disabled = true; + } + + } catch(E) { + try { g.error.standard_unexpected_error_alert('admin/toolbar.xul',E); } catch(F) { alert(E); } + } +} + +function perm_check(use_this_org, use_these_perms) { + try { + // poor man's perm check - just a screen door to keep the honest folk out + + var context_org = use_this_org || ses('ws_ou'); + var perms_to_check = use_these_perms || [ 'ADMIN_TOOLBAR_FOR_ORG', 'ADMIN_TOOLBAR_FOR_WORKSTATION', 'ADMIN_TOOLBAR_FOR_USER' ]; + + JSAN.use('util.network'); + var net = new util.network(); + var robj = net.simple_request( + 'PERM_CHECK',[ + ses(), + ses('staff_id'), + context_org, + perms_to_check + ] + ); + if (typeof robj.ilsevent != 'undefined') { + throw(robj); + } + return robj; } catch(E) { try { g.error.standard_unexpected_error_alert('admin/toolbar.xul',E); } catch(F) { alert(E); } + return perms_to_check; // assume failure so return the perms } } 
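Review bot: perm_check's catch block returns `perms_to_check`, but that var is only assigned inside the try after `use_this_org || ses('ws_ou')` has been evaluated, so an exception thrown before that assignment returns `undefined` and the callers in my_init and New then fail on `perms_not_had.length` instead of getting the intended fail-closed list. Rebuilding the list from the arguments keeps the fail-closed behaviour regardless of where the throw happened: `return use_these_perms || [ 'ADMIN_TOOLBAR_FOR_ORG', 'ADMIN_TOOLBAR_FOR_WORKSTATION', 'ADMIN_TOOLBAR_FOR_USER' ];`. The `perms_not_had.length == 3` test in my_init (and again in New in the later hunk) hardcodes the size of that default list; checking each perm by name with indexOf, as New already does for the ownership choice, would not silently break if a perm is added. A header comment on perm_check should state that the result is only a UI gate and that the server-side ADMIN_TOOLBAR check remains the enforced control, as the commit message says.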
@@ -140,6 +173,53 @@ function handle_list1_selection(ev) { g.layout = JSON2js(g.selected_atb.layout()); populate_list2_list3(); xulG.render_toolbar_layout(g.layout); + + // permission checks + + var perms_not_had = perm_check( g.selected_atb.org() ); + var disable_editing = false; + for (var i = 0; i < perms_not_had.length; i++) { + if (perms_not_had[i] == 'ADMIN_TOOLBAR_FOR_ORG' && g.selected_atb.org()) { + disable_editing = true; + } + if (perms_not_had[i] == 'ADMIN_TOOLBAR_FOR_WORKSTATION' && g.selected_atb.ws()) { + disable_editing = true; + } + if (perms_not_had[i] == 'ADMIN_TOOLBAR_FOR_USER' && g.selected_atb.usr()) { + disable_editing = true; + } + } + if (g.selected_atb.usr() && ( g.selected_atb.usr() != ses('staff_id') ) ) { + disable_editing = true; // if a user toolbar, only allow editing of your own toolbars (just in case) + } + + if (disable_editing) { + ['Add','Remove','Up','Down','Delete','Save','context_org','context_ws','context_usr'].forEach( + function(e,i,a) { + $(e).disabled = true; + } + ); + } else { + ['Add','Remove','Up','Down','Delete','Save','context_org','context_ws','context_usr'].forEach( + function(e,i,a) { + $(e).disabled = false; + } + ); + } + + // don't allow changing ownership axis without perm + for (var i = 0; i < perms_not_had.length; i++) { + if (perms_not_had[i] == 'ADMIN_TOOLBAR_FOR_ORG') { + $('context_org').disabled = true; + } + if (perms_not_had[i] == 'ADMIN_TOOLBAR_FOR_WORKSTATION') { + $('context_ws').disabled = true; + } + if (perms_not_had[i] == 'ADMIN_TOOLBAR_FOR_USER') { + $('context_usr').disabled = true; + } + } + } catch(E) { alert('Error in toolbar.js, handle_list1_selection(): ' + E); } @@ -500,6 +580,11 @@ function Delete(ev) { function New(ev) { try { + var perms_not_had = perm_check(); + if (perms_not_had.length == 3) { + return; // we do disable the New button, but Operator Change can get around that + } + var name = window.prompt('Enter label for toolbar:'); if (!name) { return; } 
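Review bot: The enable/disable block in handle_list1_selection repeats the nine-element id list twice with mirror-image callbacks, and `i` is declared with `var` in both for loops of the same function; the two permission loops could also use `perms_not_had.indexOf(...)` as the New hunk does. One pass covers both branches: `var controls = ['Add','Remove','Up','Down','Delete','Save','context_org','context_ws','context_usr'];` followed by `controls.forEach(function(e) { $(e).disabled = disable_editing; });`. Because the ownership-axis loop only ever disables, it is correct only when it runs after the unconditional re-enable; a comment such as `// must run after the enable pass above: this loop only disables` would make that ordering explicit. handle_list1_selection starts before this hunk.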
@@ -507,7 +592,13 @@ function New(ev) { new_atb.isnew('1'); new_atb.label(name); new_atb.layout('[]'); - new_atb.usr(ses('staff_id')); + if (perms_not_had.indexOf('ADMIN_TOOLBAR_FOR_USER') == -1) { + new_atb.usr(ses('staff_id')); + } else if (perms_not_had.indexOf('ADMIN_TOOLBAR_FOR_WORKSTATION') == -1) { + new_atb.ws(ses('ws_id')); + } else if (perms_not_had.indexOf('ADMIN_TOOLBAR_FOR_ORG') == -1) { + new_atb.org($('lib_menu').value); + } var rdata = g.list1.append({ 'row' : { -- 2.11.0
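Review bot: In New, the org-toolbar branch assigns `new_atb.org($('lib_menu').value)`, but the perm_check() result it branches on was obtained in the previous hunk with no context org, i.e. against `ses('ws_ou')` per perm_check's default; if lib_menu can select an org other than the workstation's, ADMIN_TOOLBAR_FOR_ORG is evaluated at the wrong org unit for that branch. Re-checking for the chosen org before assigning, e.g. `if (perm_check($('lib_menu').value, ['ADMIN_TOOLBAR_FOR_ORG']).length == 0) { new_atb.org($('lib_menu').value); }`, keeps the client gate aligned with the ownership that is actually saved. The else-if chain also has no final branch, so a toolbar with no owner is prevented only by the early `return` in the previous hunk; a comment such as `// all three perms missing is handled by the early return above` would record that invariant. New begins in the previous hunk and continues past this one.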